Hi,
On Wed, Mar 12, 2014 at 00:16:19 CET, PePa wrote:
> I'm a big fan of dm-crypt/luks.
> I'm trying to reencode a crypto_LUKS partition from -c aes-cbc-plain -s 128
> -h sha1
> like this:
> cryptsetup-reencrypt -c twofish-xts-plain64 -s 512 -h sha512 -i 2000 -B 32
> /dev/sda4
>> Output I'm getting:
> Device LUKS-71a94fa6-9c84-45d7-80e8-ee61be3887e0.new is too small.
> Creation of LUKS backup headers failed.
>> On it is a Physical lvm2-volume that could be shrunken. Is it just a matter
> of doing that? How much more space is needed??
If you look at FAQ Item 6.2, you an see that you go from a herader
size a little over 1MB to one thet is 2MB in size. The difference
does not sound like much and is indeed not much, but it has to
be available.
The --reduce-device-size of cryptsetup-reencrypt can be used to
enlarge the header by what is needed, but will just cut off the
amount the data-area gets shifted from its endm, thereby likely
damaging the filesystem in there and destroying data, or, in the
worst case, the while filesystem.
So in theory, you could use some tool to shrink the filesystem
in the openend container and then use this option to shift and
cut the data ares.
However, there are several high-risk operations in here that
you should under no circumstances run without a full, good
data backup. If you have that, it is a lot easier to just erase
the old container, create a new one and restore your data into
that.
FAQ Item 6.4 discusses how to do an encrypted data backup
with tar and GPG.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato